- 积分
- 106
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 最后登录
- 1970-1-1
- 阅读权限
- 20
- 听众
- 收听
助理工程师
|
海外,88X 分过的,考试时故意错了几个题。参考了坛子里多个版本 (alomar,lining7, romantictriv等),在这里一并感谢。 感觉Alomar的124Q是最好的,因为有截图。Romantictriv的125Q VCE适合考前练习,没有截图,不便于记忆。
7 h A8 o1 W) P# Z ]% Z \+ P针对124Q的一些答案,我有自己的看法,在这里列出来,供后来者参考。记得是参考!!) z9 Y% O/ B/ I3 {
Q2,Which criteria does ASA use for packet classificaton if multiple contexts share an ingrss interface MAC address?
1 m& T& e8 |6 C3 Y) N4 XF, ASA NAT configuration
' r1 u9 s' W V
( G9 M* _4 o8 a0 Q- xQ18, SenderBase reputation scoring?6 q" y( r3 k- J5 Z4 h4 @+ ?
D, You can configure a custom score threshold for whitelisting messages" b2 D$ w. {: b; ], g" ]7 M" E
4 u+ a) J* Z! E: `2 v$ s1 A9 FQ19. Router(config)# cts sxp reconsiliation period 180/ {. l2 k8 }" x* B2 }
B, If a peer reconects to the device within 120 seconds of terminating..1 j ~0 M3 q' m( }3 P5 b1 G
C. If a peer re-establiehes a conneciton to the device before hold-down timer expires....
9 O% x! t" b5 l; f( I7 ^* i* Q! G" z% J; Q; W$ P; E
Q27. which statement about securing conneciton using MACsee is true?" Q' m8 B; @! ^
这个比较纠结,答案F it provides network layer encryption on a wired network 显然是错的,应该是MAC layer的加密
9 P5 B0 N) m5 S貌似可能的答案:( ]+ u; N8 G z7 T9 ?, k" |1 w
C. a switch use session keys to calculate encrypted packet ICV value..问题是,交换机是先decrypt packet之后再计算的ICV value t. m7 D# p8 c, v
D. switch configured for MACSec can accept MACSec frame from the MACSec client. 考前我觉得应该是这个,因为A device that uses MACsec accepts either MACsec or non-MACsec frames, depending on the policy associated with the client.但考试的时候答案稍微不同,多了一个字:switch configured for MACSec can ONLY accept MACSec frame from the MACSec client.
7 U* v* e0 c6 q
. i! J! d; |/ F5 p3 FQ41 which statement about Remote Triggerd Black Hoel, _4 k% D! c' I+ u
E. it drops malicious traffic at the customer edge router by forwading it to a Null0 interface
* g: S0 g0 d6 `0 v3 H1 H9 `9 l! E3 y2 @D显然是错的,因为RTBH可以基于source (RFC5635)或destination (RFC3883)做; V* W) |5 r, ^7 Q" Y' e
) m x Y% ?8 s0 O+ ZQ42 which statement about Cisco VSG functionality
# n4 `" H8 \9 k1 S) S' HE. it provides trusted access to VMs in an enterprise data center 其实这个答案也不太对,但别的的答案都是明显错,比如
3 N2 x" x& Q2 w+ J. gA it allows..security administrator to author and manage port profile - 应该是network administrato才能管理port profile,所以不对
4 n) K5 P: f/ s. s2 c- y* {2 |6 B% Y% M H
Q52 which 3 similarities between container and virtual machines?
3 Z4 f, F4 a2 F" w8 IA. prviate space for processing, E. private network address F. allow custom routes 这是来自freecodecampe网站的一段原话
0 h+ r7 k! Z' W7 V' S/ t
& R4 z& p! a% A: \: CQ58 in order to enable CA featue using SCEP, which 3 confguration steps7 c) n8 o, U3 X6 l
B. set an authoritative clock source E. enable ip http server F. issue no shut under the crypto ski CCO上的参考配置% j \7 ^$ L2 C3 b
# p/ d: x- J0 N( f! N, {Q74 which security capablility cn best prevent zero-day malware and attacks?
: D2 Z) T' R; @B. threat intelligent. 不太可能是A. IPS 因为这里针对的是zero-day的malware
& f$ Y5 R ]1 Z9 g) @
- T5 p; `" @ [Q90 configuring URL Redirect for Cisco ISE posture validation, you need to create redirect ACL's on switch and WLC, you will
M, ]8 q1 O" GB. Permit traffic to ISE on the switch ACL and deny traffic to ISE in the WLC ACL. 这个应该是实现redirect的标准做法,其它都不对
r% ~+ _* U% G& R1 w8 v7 \) u5 }. h& M2 M y* b$ n& ^4 H
Q99 which of the following statement aobut CisocTrustSec is incorect! w2 b! _( x7 v0 o4 t5 l, I+ N
A. SXP is required for SGT propogation SGT propogation还有另外一种方式 (硬件支持)% i, [* q" ^5 k7 v. u
& i5 B9 u! w" z0 k/ q; vQ109 which statement correctly describe how DMVPN can be used to provide nework segmentation7 E, u0 w2 ]3 X' ]1 @
B DVMPN can be used to transport MPLS packets inside of an mGRC tunnel
- z" \5 J+ `. v, v! s* R1 m, H6 G8 T: l5 e$ @" u
再次强调,这个是我个人的判断,仅供参考。祝考试顺利。6 ^: f0 b$ {- S1 ?7 I( J
0 J: z5 C; Q5 K& D g
& [0 C4 A3 t+ p7 g. o& [- W& t( y7 Y
|
评分
-
查看全部评分
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2019-12-8 23:10:03
置顶卡
喧嚣卡
变色卡
千斤顶
成长值: 10405